avcodec/truemotion2: Check len in tm2_read_stream()

Fixes: Timeout
Fixes: 8774/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TRUEMOTION2_fuzzer-5942199639343104

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
This commit is contained in:
Michael Niedermayer 2018-07-01 21:19:57 +02:00
parent 00f98d23b1
commit 4423085ca5

View File

@ -377,6 +377,10 @@ static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id, i
}
}
} else {
if (len < 0) {
ret = AVERROR_INVALIDDATA;
goto end;
}
for (i = 0; i < toks; i++) {
ctx->tokens[stream_id][i] = codes.recode[0];
if (stream_id <= TM2_MOT && ctx->tokens[stream_id][i] >= TM2_DELTAS) {